Cyber Security Today, Oct. 6, 2023 – The Qakbot gang is still operating

The Qakbot gang is still operating.

Welcome to Cyber Security Today. It’s Friday, October 6th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

The operators behind the Qakbot malware are still going strong. In August law enforcement agencies from seven countries said they infiltrated and took down the IT infrastructure spreading the malware. But researchers at Cisco Systems said Thursday that even before the police action the gang had started a separate operation. It’s been launching phishing emails to distribute the Ransom Knight ransomware and the Remcos backdoor. The implication is the law enforcement action only disrupted the gang’s command and control servers but not their spam delivery infrastructure. The kind of emails that are being sent try to trick employees with subject lines involving unpaid invoices and bank transfer requests. It’s not the first time a criminal gang has been hit by police but not destroyed. It won’t be the last.

Another American company has acknowledged being victimized by the MOVEit file transfer vulnerability. Pathward NA, which provides data processing services for H&R Block’s Emerald debit card users, is notifying over 793,000 people their personal information was copied in a hack of Pathward’s MOVEit server. Data stolen includes names, addresses, dates of birth, Social Security numbers, driver’s licence numbers and certain debit card information.

The on-premise version of Atlassian Confluence collaboration suite has a critical vulnerability that IT departments have to deal with. The company says Confluence Data Centre and Confluence Server above version 8.0 have a hole that allows an attacker to create unauthorized administrator accounts. Administrators have to either upgrade to the latest version of the applications or implement recommended mitigations. The cloud version of Confluence isn’t affected.

Sony is still investigating claims of the RansomedVC ransomware group that it recently hit the entertainment and electronics giant. According to SecurityWeek, Sony admits one of its internal test servers was hacked. That server didn’t have customer or business partner data, Sony said. That doesn’t mean it didn’t have important corporate data. RansomedVC has posted a 2GB file allegedly stolen from Sony.

Finally, IT departments with Microsoft’s SQL Server in their environments have to make sure the application is locked down. Microsoft says an attacker tried to exploit a vulnerability in SQL Server to get into an organization’s Azure cloud environment. The goal from there would be to get deeper into the IT infrastructure. They try to do that by taking advantage of an SQL Server cloud identity. Administrators have to make sure any cloud access identities are secured to protect SQL Server and cloud resources from compromise.

That’s it for now. But later today the Week in Review edition of the show will be available. Guest commentator Terry Cutler of Montreal’s Cyology Labs will discuss ways of implementing an effective cybersecurity awareness program for employees.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, Oct. 6, 2023 – The Qakbot gang is still operating first appeared on IT World Canada.
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
